authorBjörn Mattsson <bjorn@sunet.se>2023-10-19 16:05:58 +0200
committerBjörn Mattsson <bjorn@sunet.se>2023-10-19 16:05:58 +0200
commitaf3487b9c4a9b630d88b55c2bcc4bedf257cab4a (patch)
tree2b6988b2c2cb434e8a14cad14430c0537a2d0c8f /schema/shibboleth-2.0-attribute-map.xsd
Added files from Wiki + base files for repo
Diffstat (limited to 'schema/shibboleth-2.0-attribute-map.xsd')
-rw-r--r--schema/shibboleth-2.0-attribute-map.xsd358
1 files changed, 358 insertions, 0 deletions
diff --git a/schema/shibboleth-2.0-attribute-map.xsd b/schema/shibboleth-2.0-attribute-map.xsd
new file mode 100644
index 0000000..31ff798
--- /dev/null
+++ b/schema/shibboleth-2.0-attribute-map.xsd
@@ -0,0 +1,358 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema targetNamespace="urn:mace:shibboleth:2.0:attribute-map"
+ xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:am="urn:mace:shibboleth:2.0:attribute-map"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ elementFormDefault="qualified"
+ version="2.5">
+
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
+
+ <annotation>
+ <documentation>
+ This schema maps SAML attributes into Shibboleth internal attributes.
+ </documentation>
+ </annotation>
+
+ <simpleType name="string">
+ <restriction base="string">
+ <minLength value="1"/>
+ </restriction>
+ </simpleType>
+
+ <simpleType name="anyURI">
+ <restriction base="anyURI">
+ <minLength value="1"/>
+ </restriction>
+ </simpleType>
+
+ <simpleType name="listOfStrings">
+ <list itemType="am:string"/>
+ </simpleType>
+
+ <complexType name="PluggableType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="type" type="am:string" use="required"/>
+ <anyAttribute namespace="##any" processContents="lax"/>
+ </complexType>
+
+ <element name="GSSAPIContext" type="base64Binary">
+ <annotation>
+ <documentation>A wrapper element for GSS-API contexts.</documentation>
+ </annotation>
+ </element>
+
+ <element name="GSSAPIName" type="base64Binary">
+ <annotation>
+ <documentation>A wrapper element for GSS-API composite names.</documentation>
+ </annotation>
+ </element>
+
+ <element name="Attributes">
+ <annotation>
+ <documentation>The set of SAML or GSS-API attribute mappings.</documentation>
+ </annotation>
+ <complexType>
+ <sequence>
+ <element name="MetadataProvider" type="am:PluggableType" minOccurs="0"/>
+ <element name="TrustEngine" type="am:PluggableType" minOccurs="0"/>
+ <element name="AttributeFilter" type="am:PluggableType" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element name="Attribute" type="am:AttributeType"/>
+ <element name="GSSAPIAttribute" type="am:GSSAPIAttributeType"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="metadataAttributeCaching" type="boolean"/>
+ <attribute name="metadataPolicyId" type="am:string"/>
+ </complexType>
+ </element>
+
+ <complexType name="AttributeType">
+ <annotation>
+ <documentation>Rule for mapping a SAML attribute to an internal attribute.</documentation>
+ </annotation>
+ <sequence>
+ <element name="AttributeDecoder" type="am:AttributeDecoderType" minOccurs="0"/>
+ </sequence>
+ <attribute name="id" type="am:string" use="required">
+ <annotation>
+ <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="aliases" type="am:listOfStrings">
+ <annotation>
+ <documentation>DEPRECATED: Aliases for the internal attribute to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="name" type="am:string" use="required">
+ <annotation>
+ <documentation>The SAML 1 AttributeName or SAML 2 Name of the attribute.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="nameFormat" type="am:string">
+ <annotation>
+ <documentation>The SAML 1 Namespace or SAML 2 NameFormat of the attribute.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="isRequested" type="boolean">
+ <annotation>
+ <documentation>Marks an attribute as requested by the service.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="isRequired" type="boolean">
+ <annotation>
+ <documentation>Marks an attribute as required by the service.</documentation>
+ </annotation>
+ </attribute>
+ </complexType>
+
+ <complexType name="GSSAPIAttributeType">
+ <annotation>
+ <documentation>Rule for mapping a GSS-API naming attribute to an internal attribute.</documentation>
+ </annotation>
+ <attribute name="id" type="am:string" use="required">
+ <annotation>
+ <documentation>The internal attribute ID to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="aliases" type="am:listOfStrings">
+ <annotation>
+ <documentation>Optional aliases for the internal attribute to which this SAML attribute maps.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="name" type="am:string" use="required">
+ <annotation>
+ <documentation>The name of the naming attribute.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="authenticated" type="boolean">
+ <annotation>
+ <documentation>If true, only an authenticated GSS-API naming attribute will be mapped.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="binary" type="boolean">
+ <annotation>
+ <documentation>If true, the GSS-API naming attribute will be base64-encoded for internal use.</documentation>
+ </annotation>
+ </attribute>
+ <attribute name="scopeDelimiter" type="am:string">
+ <annotation>
+ <documentation>
+ The character(s) used to delimit the scoped information from the scope.
+ </documentation>
+ </annotation>
+ </attribute>
+ </complexType>
+
+ <complexType name="AttributeDecoderType" abstract="true">
+ <annotation>
+ <documentation>
+ Decodes a SAML attribute into its Shibboleth-internal representation.
+ </documentation>
+ </annotation>
+ <attribute name="caseSensitive" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling case sensitivity when comparisons to the attribute's values are done.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="internal" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether the resulting attribute should be exported for CGI use.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="langAware" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether the decoder should select only the best matching value by language.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="hashAlg" type="am:string">
+ <annotation>
+ <documentation>
+ Crypto-provider-specific name of hash algorithm to use,
+ turning the decoded result into a simple string.
+ </documentation>
+ </annotation>
+ </attribute>
+ </complexType>
+
+ <complexType name="StringAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with string values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType" />
+ </complexContent>
+ </complexType>
+
+ <complexType name="ScopedAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with scoped values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType">
+ <attribute name="scopeDelimiter" type="am:string">
+ <annotation>
+ <documentation>
+ The character(s) used to delimit the scoped information from the scope.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="NameIDAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with NameID values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType">
+ <attribute name="formatter" type="am:string">
+ <annotation>
+ <documentation>
+ The pattern used to generate string versions of the attribute's values.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="defaultQualifiers" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="NameIDFromScopedAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with scoped values that produces a NameID attribute with
+ the scope dropped and the NameQualifiers defaulted.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:ScopedAttributeDecoder">
+ <attribute name="format" type="am:anyURI">
+ <annotation>
+ <documentation>
+ Value to use as the NameID Format.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="defaultQualifiers" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether to default in values for NameQualifier/SPNameQualifier if not set.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="formatter" type="am:string">
+ <annotation>
+ <documentation>
+ The pattern used to generate string versions of the attribute's values.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="KeyInfoAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with ds:KeyInfo values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType">
+ <sequence>
+ <element name="KeyInfoResolver" type="am:PluggableType" minOccurs="0"/>
+ </sequence>
+ <attribute name="hash" type="boolean">
+ <annotation>
+ <documentation>
+ Flag controlling whether to hash keys before base64-encoding them.
+ </documentation>
+ </annotation>
+ </attribute>
+ <attribute name="keyInfoHashAlg" type="am:string">
+ <annotation>
+ <documentation>
+ Crypto-provider-specific name of hash algorithm to use.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="XMLAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for directly serializing XML values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType"/>
+ </complexContent>
+ </complexType>
+
+ <complexType name="DOMAttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for extracting information from XML values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType">
+ <sequence>
+ <element name="Mapping" minOccurs="0">
+ <annotation>
+ <documentation>Optional transform to turn qualified XML names into string names.</documentation>
+ </annotation>
+ <complexType>
+ <attribute name="from" type="QName" use="required"/>
+ <attribute name="to" type="am:string" use="required"/>
+ </complexType>
+ </element>
+ </sequence>
+ <attribute name="formatter" type="am:string">
+ <annotation>
+ <documentation>
+ The pattern used to generate strings from the XML.
+ </documentation>
+ </annotation>
+ </attribute>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="Base64AttributeDecoder">
+ <annotation>
+ <documentation>
+ Decoder for attributes with base64-encoded string values.
+ </documentation>
+ </annotation>
+ <complexContent>
+ <extension base="am:AttributeDecoderType" />
+ </complexContent>
+ </complexType>
+
+</schema>
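Review bot: `PluggableType` is the only named complex type in this schema without an `<annotation>`, and its `##any`/`lax` wildcards let arbitrary children and attributes through unchecked under `MetadataProvider`, `TrustEngine`, `AttributeFilter` and `KeyInfoResolver` unless a declaration for them happens to be loaded. Judging by their names these elements hold trust and filtering configuration, so it is worth stating that a schema-valid map says nothing about their content, e.g. `<documentation>Plugin configuration selected by the type attribute; its content is plugin-defined and not checked by this schema.</documentation>`. Separately, the `id` and `aliases` documentation in `GSSAPIAttributeType` still reads "this SAML attribute", apparently carried over from `AttributeType`, and should say "this GSS-API naming attribute". If the file is an unmodified copy of an upstream schema, both points are better raised upstream than patched locally.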